Message-ID: <4F9035C4.8030103@redhat.com>
Date: Thu, 19 Apr 2012 09:56:52 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Henri Salo <henri@...v.fi>
CC: oss-security@...ts.openwall.com, Hanno Böck <hanno@...eck.de>, Yves-Alexis Perez <corsac@...ian.org>
Subject: Re: CVE-request: WordPress 3.1.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/19/2012 01:43 AM, Henri Salo wrote:
> On Tue, Apr 17, 2012 at 11:10:27PM -0600, Kurt Seifried wrote:
>> Can you make a clean list of security issues and the versions
>> affected? Thanks.
>
> Two issues in 3.1.1 are without 2011 CVE-identifiers, which are
> announced in here:
> http://wordpress.org/news/2011/04/wordpress-3-1-1/ (April 5, 2011).
>
> Issue #1:
>
> http://osvdb.org/show/osvdb/72141
> http://secunia.com/advisories/44038/
>
> "Certain unspecified input is not properly sanitised before being
> returned to the user. This can be exploited to execute arbitrary
> HTML and script code in a user's browser session in context of an
> affected site."

Please use CVE-2011-4956 for this issue.

> Issue #2:
>
> http://osvdb.org/show/osvdb/72142
> http://secunia.com/advisories/44038/
>
> "The "make_clickable()" function in wp-includes/formatting.php does
> not properly check the URL length in comments before passing it to
> the PCRE library, which can be exploited to cause a crash."

Please use CVE-2011-4957 for this issue.

> Both vulnerabilities are reported in versions prior to 3.1.1.
>
> - Henri Salo

- --
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPkDXDAAoJEBYNRVNeJnmTEkUP/2JcZah+MvvsfkT04zWOGpwO
72szSSSvrLzEyIyJatAVvEjIEI4/q1voaYxBJXWkDAqx2r3v3Ni3Ns2Rd8SLK5Uk
QG7XfUs/aVrW9eQSJ/keD5XSTdmFbA0EwVuEA7/x/N9ODFG8YHW5O8k7sazDlRzp
N7VipPKEa8OqYg/9t6EAFvfIZdkvZ7lS4Nrzgd7j3eT/VnmshU5JLMosdYxbbWol
5VnkEQ8FvhqpCdlRDSGS2kJxrwbhos50ad9aFwQXfMcXNQlENUEogLF1uCVRt5UW
wm7xNeboi+zbiCBfo7BkwiDmsuZhCTHwt5EV4jJ60GDIfY91ode1N3tXt785/li2
EHtwbkO2C2k2vPqNh8pKKHOV9xqAwLhYIN6JqGN1Eywz4xQrVgqzPT6meai5Y8f3
pEeX0hKPT0P/Zq6zK0vpVUN2bHYmSbIRJqOaAWEPFiQ/HnngDflQR8KcnQ7Edbk/
9wWsjZ0raHMuYg3TgI/idLpimj6jNBUDUPzdrfufU4AuihQ79wIhwmpRcKh6sNHu
bgGSxFl/TbSKFknECbgkNDmoxq+RrH7MW3eEsBTeQyRDBW62ZiJikfokYid/kMRn
XxMhQBx7zYfOsOzvh9a+FC2+5scn6uZUDgNUx5Jy/8GeqCLuq2/PqHpSukpZcftF
l1zzfWJ5VEmNwkAp2Hz/
=hp+u
-----END PGP SIGNATURE-----
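The second issue above (CVE-2011-4957) is a recurring pattern: a comment-linkifying routine hands attacker-controlled, unbounded text to a backtracking regex engine, and PCRE's resource limits turn into a crash or a silent failure. The PHP below is an added illustration, not WordPress's make_clickable() or any code from the thread, of the two guards a defender wants around such a call: a length cap checked before the regex runs, and a check of preg_last_error() afterwards so that a PCRE error is handled rather than mistaken for success. The 10000-byte cap, the 2048-character URL bound and the sample comments are assumptions constructed for this example.

```php
<?php
// Added example, not WordPress code. Demonstrates guarding a PCRE-based
// linkifier against oversized input of the kind described for CVE-2011-4957.

// Assumed limit for this example: longer comments are not linkified at all.
const LINKIFY_MAX_INPUT = 10000;

function linkify_urls(string $text): string
{
    // Guard 1: never pass unbounded input to the regex engine. Returning the
    // text unchanged is a safe degradation: the comment simply has no links.
    if (strlen($text) > LINKIFY_MAX_INPUT) {
        return $text;
    }

    // Simple URL pattern. The bounded repetition {1,2048} (an assumed value)
    // keeps the worst case small instead of leaving it to backtracking.
    $pattern = '~\bhttps?://[^\s<>"\']{1,2048}~i';

    $result = preg_replace_callback(
        $pattern,
        function (array $m): string {
            // Output-encode the URL so the generated markup is inert.
            $url = htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            return '<a href="' . $url . '" rel="nofollow">' . $url . '</a>';
        },
        $text
    );

    // Guard 2: preg_* functions return null on engine errors such as
    // PREG_BACKTRACK_LIMIT_ERROR; treat that as a failure, not as success.
    if ($result === null || preg_last_error() !== PREG_NO_ERROR) {
        error_log('linkify_urls: PCRE error code ' . preg_last_error());
        return $text;
    }

    return $result;
}

// Constructed sample input: one ordinary comment and one oversized one.
$normal = 'See http://wordpress.org/news/2011/04/wordpress-3-1-1/ for details.';
$huge   = 'http://example.com/' . str_repeat('a', 20000);

echo linkify_urls($normal), "\n";        // the URL is wrapped in an <a> element
echo strlen(linkify_urls($huge)), "\n";  // 20019: returned unchanged, regex never ran
```

The order of the guards matters: the length check runs before any regex work so the engine is never asked to process the oversized string, and the preg_last_error() check catches the cases the cap does not anticipate, such as a pathological but short input that still trips pcre.backtrack_limit. Run with `php linkify.php`; pcre.backtrack_limit and pcre.recursion_limit in php.ini bound the engine's effort independently of this code.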